CN103081400B - Method for processing information in a communication network made up of multiple network nodes

Publication number: CN103081400B
Authority: CN (China)
Prior art keywords: information, network node, check, communication network, verification
Legal status: Expired - Fee Related
Application number: CN201180042724.7A
Other languages: Chinese (zh)
Other versions: CN103081400A
Inventors: 赖纳·法尔克, 斯特芬·弗里斯
Current Assignee: Siemens AG
Original Assignee: Siemens AG
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L1/00 Arrangements for detecting or preventing errors in the information received
    • H04L1/24 Testing correct operation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3242 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC

Abstract

The invention relates to a method for processing messages (CO) in a communication network (N), in particular the communication network of an automation system. In the method, messages (CO) are transmitted between network nodes (N1, N2) of the communication network, each combined with verifiable check information (CPS) that is used to determine whether the respective message (CO) is reliable: a reliable message (CO) leads to a positive check result and an unreliable message (CO) to a negative one. For one or more messages (CO) intended for a network node (N1, N2), the node, on receiving the message, performs the action associated with the message (CO) without verifying the check information (CPS) combined with it. After performing the action, the network node (N1, N2) verifies the check information (CPS) and carries out one or more predetermined measures if the check result is negative. The method is used in particular to transmit control commands in an automation system and allows these commands to be executed quickly, without first verifying the check information. By suitably choosing the predetermined measures carried out on a negative check result, for example undoing the executed command, the communication network can still be protected effectively against attacks by third parties.

Description

Method for processing information in a communication network made up of multiple network nodes
Technical field
The invention relates to a method for processing messages in a communication network made up of multiple network nodes, as well as to a corresponding communication network and a corresponding network node.
Background art
It is known from the prior art to transmit messages in a communication network together with check information. For example, a so-called CRC checksum (CRC = Cyclic Redundancy Check) can be used to determine whether the data of a message changed during transmission because of transmission errors. It is also known to provide messages with a cryptographic checksum, which is generated using a cryptographic secret. This ensures that only a party in possession of the cryptographic secret can generate a checksum that verifies successfully. The transmission of unauthorized messages in the communication network is thereby prevented. In addition, the cryptographic checksum makes it possible to determine whether a message has been manipulated by an attacker without authorization.
Applying check information provides effective protection against attacks when messages are transmitted in a communication network, but it has the disadvantage that verifying the check information generally requires costly cryptographic operations, which delay further processing of the message. This matters particularly in the communication networks of automation systems. There, most commands or control commands are passed as messages to the mutually networked devices of the automation system. These commands are usually time-critical, that is, they may be executed only with a small delay, because otherwise disturbances can occur in the operation of the automation system.
Publication DE102007040094B4 describes a method for reversibly performing, in a control device, configuration changes that are tied to an authorization credential. It makes it possible to undo the configuration change if the authorization credential is later revoked.
Publication DE102007053255A1 describes a method for processing messages in a message processing device in which the priority of the security check of a message is determined depending on the content of the message.
Summary of the invention
The object of the invention is to provide a method for processing messages in a communication network in which the messages are protected by check information and can nevertheless be processed quickly in the communication network.
This object is achieved by a communication network or a network node.
The method according to the invention serves to process messages in a communication network made up of multiple network nodes, the communication network preferably being the communication network of an automation system. In this application, the individual network nodes are components of the automation system that perform their respective tasks during operation, as part of the process automated by the system. In particular, the network nodes are control devices, sensors, actuators, intermediate switches (for example Ethernet switches) and the like. The automation system can be a system for process automation or for manufacturing automation. Likewise, it can be a system for building automation or energy automation.
Within the method according to the invention, in a step a), messages are transmitted between the network nodes of the communication network, each combined with verifiable check information (CPS) that is used to determine whether the respective message (CO) is reliable. A message is reliable if it leads to a positive check result; otherwise it is classified as unreliable. The concept of reliability is to be understood broadly and can be tied to any suitably defined criterion. For example, a message can be reliable if it can be successfully verified on the basis of check information in the form of a checksum, or if an authorization credential (for example a certificate) associated with the message can be successfully verified.
The method according to the invention is characterized in that, in a step b), for one or more messages out of the set of messages intended for at least some of the network nodes, the respective network node, on receiving the message, performs the action associated with the message without verifying the check information combined with it; after performing the action, the network node verifies the check information and, if the check result is negative, carries out one or more predetermined measures. A message is thus associated with a predetermined action, where the concept of an action is to be understood broadly and can in particular comprise a single step or a sequence of several steps. In a preferred variant, the message is a command that can be executed by the respective network node. If the method is used in the communication network of an automation system, the message is preferably a control command for the respective network node to perform a step in the process carried out by the automation system.
The labels step a) and step b) serve only to make these features easier to refer to and do not fix the order in which the steps are to be performed.
The method is based on the idea that most messages transmitted in a communication network are reliable and lead to a positive check result when the check information is verified. The action associated with a message is therefore first performed quickly without verifying the check information, and corresponding measures are defined for the case in which the message proves unreliable after the action has been performed. These measures serve in particular to protect the communication network against unreliable messages. In the simplest case, a measure can be the output of an alarm signal, so that a user of the communication network is alerted to the unreliable message and can initiate further steps.
In a particularly preferred embodiment, the check information combined with a message comprises a checksum generated from the message; verifying the checksum determines whether the message has been altered, an altered message being an unreliable message. The checksum can be a CRC checksum, with which the integrity of the message can be determined. Preferably, the checksum is a cryptographic checksum generated using a cryptographic secret, in particular using a symmetric and/or asymmetric cryptographic method. Any method known from the prior art can be used to generate such a checksum, in particular methods based on cryptographic hash functions, such as SHA-1, MD5, HMAC-MD5, AES-CBC-MAC. Likewise, the checksum can be generated using a suitable signature algorithm, such as RSA, DSA, EC-DSA and similar algorithms.
If appropriate, the check information can also include an authorization credential, in particular in the form of a certificate, which shows whether the message was transmitted by an authorized party. In that case, the message is reliable if the authorization credential is successfully verified when the check information is checked. Unlike the checksum above, the authorization credential can be generated without taking into account the data contained in the message.
In another particularly preferred embodiment, recovery information is stored in the respective node, by means of which the action performed in step b) can be undone. The recovery information can, for example, be derived from the message when the associated action is performed. Likewise, the recovery information can already be contained in the message. The recovery information is used to undo the action performed in step b) if the check result is negative; this undoing is one embodiment of the predetermined measure carried out on a negative check result.
When the method is used in the communication network of an automation system, the predetermined measure or measures include in particular an emergency shutdown and/or emergency operation of one or more components of the automation system.
Step b) can always be carried out, that is, every time a message intended for a network node is received in that node. It is also possible, however, to carry out step b) only for messages that meet one or more criteria; for messages that do not meet the criteria, the check information is verified first and the associated action is performed only if the check result is positive. In this way it can be determined, according to the application, for which messages the associated action is performed first without verifying the check information. In one specific implementation, the messages are divided into time-critical and non-time-critical messages, and the criterion a message must meet is that it is time-critical. That is, a message whose action is time-critical and should be performed quickly is classified as time-critical and is processed without first verifying the check information.
When the method is used in the communication network of an automation system, messages can further be classified as critical or non-critical for the operation of the automation system. A message is critical in particular if the associated action can cause major damage to the automation system or a prolonged standstill of it. The criterion a message must meet is then that it is non-critical for the operation of the automation system: the action associated with a non-critical message is performed immediately without verifying the check information, whereas critical messages are processed only after the check information has been successfully verified.
In a further embodiment, for messages whose associated action changes one or more parameters in the respective network node, the criterion to be met is that the change of at least one parameter lies below, or does not exceed, a predetermined amount. That is, if a parameter changes only slightly, the message is first processed and the associated action performed without regard to the check information. This rests on the observation that, in normal operation, a parameter of a network node changes only within a certain range of values. A message that changes a parameter within this range has therefore, with high probability, not been manipulated, so the associated action can be performed first without verifying the check information.
This variant is again preferably used in the communication network of an automation system. The parameter or parameters are then one or more controllable variables in the respective network node that relate to the process carried out by the automation system, such as the flow rate of a liquid or gas, a valve position, a motor speed, a pressure and similar quantities.
In a further embodiment, the criterion a message must meet for its action to be performed without first verifying the check information is that, within a predetermined past time interval, an identical or similar message was received in the respective network node and processed according to step b), and that verification of the check information of that identical or similar message led to a positive check result. This embodiment uses the insight that, in certain application scenarios such as the communication network of an automation system, the parameters in successive messages change only slowly, so that a small change in a message's parameters indicates an unaltered, unmanipulated message that can first be processed without verifying the check information. The criterion by which a message is classified as similar to another can be defined as appropriate for the application. For example, a message can be classified as similar to an earlier one if its parameters have changed by at most 5%.
In addition to the method described above, the invention also comprises a communication network with multiple network nodes, the network nodes being designed such that the method according to the invention, or one or more variants of it, can be carried out in the communication network.
The invention further relates to a network node for use in such a communication network. The network node is designed such that, when operating in the communication network according to the invention, for one or more messages out of the set of messages intended for it, it performs the action associated with the message on receipt without verifying the check information combined with the message, verifies the check information after performing the action and, if the check result is negative, initiates or itself carries out one or more predetermined measures.
Brief description of the drawings
Embodiments of the invention are described in detail below with reference to the accompanying drawings.
The drawings show:
Fig. 1 a schematic diagram of the transmission of a command in an embodiment of the method according to the invention;
Fig. 2 a schematic diagram of a process plant in which commands are processed according to the method of the invention;
Fig. 3 a flow chart of one embodiment of the method according to the invention;
Fig. 4 a flow chart of a further embodiment of the method according to the invention.
Detailed description
The method according to the invention is described below with reference to a communication network in an automation system, where the individual network nodes are components of the automation system that can communicate with one another over the network. Fig. 1 shows such a communication network N, in which two network nodes N1 and N2 communicate with each other. These network nodes are devices of the automation system: network node N1 is a control device and network node N2 is a device controlled by the control device. The control device is, for example, a programmable logic controller connected over the network to the controlled device, which, depending on the design of the automation system, can be a motor, a valve, a sensor or a similar device. The network N can be, for example, an Ethernet network, in particular an Ethernet network based on EPA. The network can likewise be an IP network, a mobile communication network, a WLAN and the like. The automation system networked by the communication network N can also be of any design. In particular it is a system for process automation or for production automation. If appropriate, it can also be a system for building automation or energy automation.
During operation of the system, messages in the form of commands are exchanged between the network nodes or devices; in Fig. 1 such a command is denoted by reference sign CO. The command is transmitted from the control device N1 to the controlled device N2 and tells the controlled device which instruction it is to carry out. To protect against manipulation by attackers, in the embodiment described here every command CO is provided with a checksum, denoted CPS in Fig. 1 and appended to the command CO. The embodiments described below use a cryptographic checksum, for example in the form of a MAC (MAC = Message Authentication Code), with which the authenticity of the command CO can be verified by means of a cryptographic secret.
Both symmetric and asymmetric methods can be used to generate the checksum. In a symmetric method, the control device N1 and the controlled device N2 are provided with the same key. The checksum is generated from the command CO and this key and is verified in the controlled device N2 using the same key. It is also possible to use an asymmetric method, in which the checksum is generated in the control device N1 with a private key and verified in the controlled device with the public key. The cryptographic checksum described above makes manipulation of the command CO detectable, because the command itself enters into the generation and verification of the checksum, so that verification no longer succeeds once the command has been altered. Moreover, an attacker who does not know the corresponding (secret) key cannot compute a valid cryptographic checksum and therefore cannot inject commands into the network.
The cryptographic checksum described above ensures effective protection of the communication network in the automation system. A disadvantage, however, is that verifying the checksum requires computationally expensive cryptographic operations, which can cause significant delays in the operation of the automation system. For certain commands, in particular time-critical ones, this delay is not acceptable. To avoid such delays for certain commands, in the embodiments described here, when a predetermined command arrives in a network node, the command is first executed without verifying the checksum. The checksum is verified only afterwards, and if it cannot be verified successfully, corresponding countermeasures are taken to protect the communication network. It is particularly advantageous to undo the executed command. This is achieved by means of recovery or roll-back information that is stored in the network node when the command is executed.
Fig. 2 schematically shows an example of an automation system in the form of a process plant in which commands can be processed according to the method of the invention. During operation of the plant shown, liquid is fed into a container and stirred. In Fig. 2 the container is denoted by reference sign B; liquid flows into container B through an inlet pipe Z, which can be opened or closed by a valve VZ. An agitator R is arranged in the container; it is driven by a motor M and stirs the liquid in the container. In addition, a temperature probe T and a heater H are provided on the container. The heater heats the liquid to a specified temperature during stirring. After stirring, the liquid is drained through an outlet pipe A with a corresponding valve VA and, if required, fed to a further station of the automation system. The stirring process is controlled by a process computer PR, which in turn receives control commands from an operating and monitoring unit BU. The process computer PR is connected to the other components of the automation system, that is, the inlet valve VZ, the outlet valve VA, the heater H, the temperature probe T and the motor M. These components, the process computer PR and the operating and monitoring unit BU are network nodes that communicate with one another.
In the process shown in Fig. 2, commands or control commands are transmitted from the operating and monitoring unit to the process computer PR, and from the process computer PR to the motor M, the valves VZ and VA and the heater H. The transmission of temperature values from the temperature probe T to the process computer PR is likewise regarded as a command, because the process computer PR carries out control actions depending on the temperature value in order to heat the liquid to a specified temperature or keep it there. Communication between the components in the scenario of Fig. 2 can take place, for example, over a fieldbus such as HART or PROFIBUS, or over an Ethernet- or IP-based communication network.
Illustrating the embodiment of the method according to the invention according to Fig. 3 below, wherein, each control instruction received within network nodes is not dependent on its content ground and is first performed, and and then verify its verification and.It addition, network node can be such as the assembly of process apparatus shown in fig. 2.
The starting of the method represents by step S1.Being received control instruction by corresponding network node in step s 2, wherein, this network node is drawn by control instruction in step s3 and stores Roll-Back information.Performed control instruction can be reduced again based on this Roll-Back information.Roll-Back information also can directly be encoded in control instruction if desired.Perform control instruction the most in step s 4, such as, change the revolution of motor or be turned on and off corresponding valve.Only perform to verify in step s 5 after control instruction the cryptographic check of control instruction and.It addition, determine this verification and the most effective or invalid in step s 6.If this verification and be effective (the branch road Y in step S), then the Roll-Back information stored in step s3 before deleting in S7, and terminate the method the most in step s 8.If on the contrary, cryptographic check and be invalid (the branch road N in step S6), the most in step s 9 based on Roll-Back information reverting control instruction, thus again forming the state of corresponding network node before performing control instruction.Realize the most in the step s 7 deleting control instruction, and terminate the method in step s 8.
Utilize at the variant of the present invention illustrated in fig. 3, it is achieved that effectively run corresponding automation equipment, and slowly postpone by verify this cryptographic check and.Additionally, it follows that, i.e. generally few from third-party attack, and in most of the cases the execution of control instruction is reliable accordingly.The few situation of verification sum that can not verify this control instruction for these, is ensured that by corresponding Roll-Back information, again forms the state of automation equipment before performing this control instruction.
Fig. 4 shows the other variant of the method according to the invention, wherein, only for predetermined control instruction, it is achieved implement this control instruction, not previous verification checking and.It addition, predetermined criterion is determined, thus control instruction is described in detail as follows, and the most whether these control instructions should perform without verifying this verification and ground or only in this verification of unsuccessful verification and perform afterwards.Such as control instruction can realize first without verifying this verification with ground for closing the motor in automation equipment, on the contrary, for opening the control instruction of motor first should verify at unsuccessful verification and realize afterwards.This is that the closedown process of motor is time-critical, because due to irregular, this such as can relate to emergency cut-off.First the control instruction changing given revolution, setting pressure, given flow and similar quantity in additional examples in predetermined numerical range is performed, and without verification verification and.When among the previous time interval determined, have received have effective cryptographic check with, identical or similar control instruction time, then control instruction the most only performs without verifying this verification and ground.It addition, similar control instruction is interpreted as the control instruction that indicator parameter slightly changes, the parameter change such as being had is less than 5%.To be concerned with for this, i.e. control instruction only slowly changes in automated process in the parameter of this control instruction, and therefore can draw, the control instruction that i.e. its parameter changes the most fiddling relative to previous control instruction is not manipulated by.
The start of the method of Fig. 4 is denoted by step S101. In step S102, a control instruction is received in the corresponding network node. In contrast to the embodiment of Fig. 3, the network node first checks in step S103 what type the control instruction is. If it is a control instruction that is executed without verifying the cryptographic checksum (branch Y in step S103), the corresponding Roll-Back information is again derived from the control instruction and stored in step S104. The control instruction is then executed in step S105, and only afterwards is its cryptographic checksum verified in step S106. If step S107 shows that the cryptographic checksum is valid (branch Y in S107), the previously stored Roll-Back information is deleted in step S108 and the method ends in step S109. If, on the other hand, the cryptographic checksum is invalid (branch N in S107), the control instruction is undone in step S110 based on the Roll-Back information, after which the Roll-Back information is again deleted in step S108 and the method ends in step S109.
If step S103 above shows that the control instruction is one that is executed only after the cryptographic checksum has been successfully verified (branch N in step S103), the cryptographic checksum is first verified in step S111. If step S112 determines that the checksum is valid (branch Y in step S112), the control instruction is executed in step S113 and the method then ends in step S109. If, on the other hand, step S112 determines that the cryptographic checksum of the control instruction is invalid (branch N in S112), the control instruction is rejected in step S114 and the method then ends in step S109.
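The Fig. 4 flow (S103 to S114) as a runnable sketch, added here as an illustration and not taken from the patent. It assumes HMAC-SHA256 as the cryptographic checksum, the parameter names `motor_on` and `speed_rpm`, and a 60-second window; the 5% threshold comes from the description, and verification runs synchronously for simplicity.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # constructed shared secret (assumption)
WINDOW_S = 60.0                # assumed length of the "previous time interval"
MAX_REL_CHANGE = 0.05          # "less than 5%" from the description


def checksum(key, instruction):
    """HMAC-SHA256 over a canonical JSON encoding of the instruction."""
    payload = json.dumps(instruction, sort_keys=True).encode()
    return hmac.new(key, payload, hashlib.sha256).digest()


def signed(key, param, value):
    """Build a (control instruction, checksum) pair as a sender would."""
    instruction = {"param": param, "value": value}
    return instruction, checksum(key, instruction)


class Node:
    def __init__(self, key, state):
        self.key = key
        self.state = dict(state)
        self.last_verified = {}  # param -> (value, time) of last valid instruction

    def _valid(self, instruction, tag):
        return hmac.compare_digest(checksum(self.key, instruction), tag)

    def _execute_first(self, instruction, now):
        """S103: may the instruction run before its checksum is verified?"""
        param, value = instruction["param"], instruction["value"]
        if param == "motor_on":
            return value is False  # switching off is time-critical
        prev = self.last_verified.get(param)
        if prev is None or now - prev[1] > WINDOW_S or prev[0] == 0:
            return False
        return abs(value - prev[0]) / abs(prev[0]) < MAX_REL_CHANGE

    def process(self, instruction, tag, now):
        param, value = instruction["param"], instruction["value"]
        if self._execute_first(instruction, now):
            rollback = self.state[param]           # S104: store Roll-Back info
            self.state[param] = value              # S105: execute
            if self._valid(instruction, tag):      # S106/S107: verify afterwards
                self.last_verified[param] = (value, now)
                return "executed"                  # S108: Roll-Back info dropped
            self.state[param] = rollback           # S110: undo the instruction
            return "rolled_back"
        if not self._valid(instruction, tag):      # S111/S112: verify first
            return "rejected"                      # S114
        self.state[param] = value                  # S113
        self.last_verified[param] = (value, now)
        return "executed_after_verify"


def demo():
    """Run constructed sample instructions through one node."""
    node = Node(KEY, {"motor_on": True, "speed_rpm": 1000.0})
    forged = b"constructed-wrong-key"
    steps = [
        (signed(KEY, "speed_rpm", 1500.0), 0.0),      # no verified predecessor
        (signed(KEY, "speed_rpm", 1530.0), 10.0),     # +2 %, valid
        (signed(forged, "speed_rpm", 1560.0), 20.0),  # +2 %, invalid checksum
        (signed(forged, "speed_rpm", 3000.0), 30.0),  # large jump, invalid
        (signed(forged, "motor_on", False), 40.0),    # switch-off, invalid
        (signed(KEY, "motor_on", False), 50.0),       # switch-off, valid
        (signed(KEY, "motor_on", True), 60.0),        # switch-on, valid
        (signed(KEY, "speed_rpm", 1540.0), 200.0),    # similar, window expired
    ]
    results = [node.process(ins, tag, now) for (ins, tag), now in steps]
    return results, node.state
```

Because the similarity baseline is updated only after a successful verification, a rolled-back instruction cannot shift the reference value for later 5% comparisons.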
The embodiments of the method according to the invention described above have a number of advantages. In particular, at least some control instructions that are not critical for running the automation equipment are executed without the additional delay caused by verifying the cryptographic checksum. Delays are thereby avoided. A possibly undesired effect is limited in time to the period until the cryptographic checksum has been verified. For control purposes, fault time is reduced in this way, so that better control behaviour can be achieved with regard to stability and control dynamics (Regeldynamik).

Claims (32)

1. A method for processing information (CO) in a communication network (N) made up of multiple network nodes (N1, N2), in which:
- step a): information (CO) is transmitted between the network nodes (N1, N2) of the communication network, each item of information being combined with check information (CPS) that can be verified in order to determine whether the corresponding information (CO) is reliable, wherein reliable information (CO) leads to a positive check result and unreliable information (CO) leads to a negative check result;
- step b): for one or more items of information (CO) out of a set of information (CO) intended for a respective network node (N1, N2) of at least some of the network nodes (N1, N2), when the information is received in the respective network node (N1, N2), the respective network node (N1, N2) performs the action associated with the information (CO) without verifying the check information (CPS) combined with the information (CO), wherein, after performing the action, the respective network node (N1, N2) verifies the check information (CPS) and performs one or more predetermined measures if the check result is negative.
2. The method according to claim 1, wherein the communication network is the communication network (N) of automation equipment.
3. The method according to claim 1, wherein the method is used in the communication network (N) of automation equipment, and the information (CO) at least in part represents control instructions for steps performed by the respective network node (N1, N2) as part of a process carried out by the automation equipment.
4. The method according to any one of claims 1-3, wherein the check information (CPS) comprises a checksum generated taking the information (CO) into account, wherein verifying the checksum makes it possible to determine whether the information (CO) has been changed, and wherein changed information (CO) is unreliable information (CO).
5. The method according to claim 4, wherein the checksum (CPS) is a CRC checksum and/or a cryptographic checksum, wherein the cryptographic checksum is generated using a cryptographic secret.
6. The method according to claim 5, wherein the cryptographic checksum is generated using a symmetric and/or asymmetric encryption method.
7. The method according to any one of claims 1-3, wherein the check information comprises a proof of authorization, wherein the information (CO) is reliable information (CO) if the proof of authorization can be successfully verified in the course of verifying the check information (CPS).
8. The method according to claim 6, wherein the check information comprises a proof of authorization, wherein the information (CO) is reliable information (CO) if the proof of authorization can be successfully verified in the course of verifying the check information (CPS).
9. The method according to any one of claims 1-3, wherein recovery information is stored in the respective network node (N1, N2), by means of which the action performed in step b) can be undone, wherein the predetermined measure or measures in the event of a negative check result in step b) include undoing the action based on the recovery information.
10. The method according to claim 8, wherein recovery information is stored in the respective network node (N1, N2), by means of which the action performed in step b) can be undone, wherein the predetermined measure or measures in the event of a negative check result in step b) include undoing the action based on the recovery information.
11. The method according to any one of claims 1-3, wherein the predetermined measure or measures in the event of a negative check result in step b) include outputting an alarm signal.
12. The method according to claim 10, wherein the predetermined measure or measures in the event of a negative check result in step b) include outputting an alarm signal.
13. The method according to any one of claims 1-3, wherein the method is used in the communication network of automation equipment, and the predetermined measure or measures in the event of a negative check result in step b) include an emergency shutdown and/or emergency operation of one or more components of the automation equipment.
14. The method according to claim 12, wherein the method is used in the communication network of automation equipment, and the predetermined measure or measures in the event of a negative check result in step b) include an emergency shutdown and/or emergency operation of one or more components of the automation equipment.
15. The method according to any one of claims 1-3, wherein step b) is performed for information (CO) that satisfies one or more criteria, wherein, for information (CO) that does not satisfy the criterion or criteria, the check information (CPS) of the information (CO) is verified first and the action associated with the information (CO) is performed only afterwards and only if the check result is positive.
16. The method according to claim 14, wherein step b) is performed for information (CO) that satisfies one or more criteria, wherein, for information (CO) that does not satisfy the criterion or criteria, the check information (CPS) of the information (CO) is verified first and the action associated with the information (CO) is performed only afterwards and only if the check result is positive.
17. The method according to claim 15, wherein the information (CO) is classified as time-critical or non-time-critical information (CO), wherein the criterion to be satisfied by the information (CO) is that the information (CO) is time-critical.
18. The method according to claim 16, wherein the information (CO) is classified as time-critical or non-time-critical information (CO), wherein the criterion to be satisfied by the information (CO) is that the information (CO) is time-critical.
19. The method according to claim 15, wherein the method is used in the communication network of automation equipment, and the information (CO) is classified as information (CO) that is critical or non-critical for running the automation equipment, wherein the criterion to be satisfied by the information (CO) is that the information (CO) is non-critical for running the automation equipment.
20. The method according to claim 18, wherein the method is used in the communication network of automation equipment, and the information (CO) is classified as information (CO) that is critical or non-critical for running the automation equipment, wherein the criterion to be satisfied by the information (CO) is that the information (CO) is non-critical for running the automation equipment.
21. The method according to claim 15, wherein, for information (CO) whose associated action changes one or more parameters in the respective network node (N1, N2), the criterion to be satisfied is that the change of at least one of the parameters lies below a predetermined degree or does not lie above the predetermined degree.
22. The method according to claim 20, wherein, for information (CO) whose associated action changes one or more parameters in the respective network node (N1, N2), the criterion to be satisfied is that the change of at least one of the parameters lies below a predetermined degree or does not lie above the predetermined degree.
23. The method according to claim 21, wherein the method is used in the communication network of automation equipment, and the parameter or parameters relate to one or more regulated quantities that can be changed in the respective network node (N1, N2) in relation to the process carried out by the automation equipment.
24. The method according to claim 22, wherein the method is used in the communication network of automation equipment, and the parameter or parameters relate to one or more regulated quantities that can be changed in the respective network node (N1, N2) in relation to the process carried out by the automation equipment.
25. The method according to claim 15, wherein the criterion to be satisfied by the information (CO) is that, within a predetermined past time interval, identical or similar information (CO) was received in the respective network node (N1, N2) and processed according to step b), wherein the verification of the check information (IPS) of the identical or similar information (CO) led to a positive check result.
26. The method according to claim 24, wherein the criterion to be satisfied by the information (CO) is that, within a predetermined past time interval, identical or similar information (CO) was received in the respective network node (N1, N2) and processed according to step b), wherein the verification of the check information (IPS) of the identical or similar information (CO) led to a positive check result.
27. The method according to claim 8, wherein the proof of authorization is a certificate.
28. A communication network having multiple network nodes (N1, N2), wherein the network nodes (N1, N2) of the communication network are designed such that a method can be performed in which:
- information (CO) is transmitted between the network nodes (N1, N2) of the communication network, each item of information being combined with check information (CPS) that can be verified in order to determine whether the corresponding information (CO) is reliable, wherein reliable information (CO) leads to a positive check result and unreliable information (CO) leads to a negative check result;
- for one or more items of information (CO) out of a set of information (CO) intended for a respective network node (N1, N2) of at least some of the network nodes (N1, N2), when the information is received in the respective network node (N1, N2), the respective network node (N1, N2) performs the action associated with the information (CO) without verifying the check information (CPS) combined with the information (CO), wherein, after performing the action, the respective network node (N1, N2) verifies the check information (CPS) and performs one or more predetermined measures if the check result is negative.
29. The communication network according to claim 28, wherein the communication network is the communication network of automation equipment.
30. The communication network according to claim 28 or 29, wherein the communication network is designed such that a method according to any one of claims 2 to 27 can be performed in the communication network (N).
31. A network node for use in a communication network according to claim 28, wherein the network node (N1, N2) comprises a receiving unit, an execution unit and a verification unit, wherein, during operation of the communication network, for one or more items of information (CO) out of a set of information (CO) intended for the network node, upon receiving the information (CO) with the receiving unit, the network node performs the action associated with the information without verifying the check information (CPS) combined with the information, wherein, after performing the action with the execution unit, the network node verifies the check information (CPS) with the verification unit and initiates one or more predetermined measures if the check result is negative.
32. A network node for use in a communication network according to claim 30, wherein the network node (N1, N2) comprises a receiving unit, an execution unit and a verification unit, wherein, during operation of the communication network, for one or more items of information (CO) out of a set of information (CO) intended for the network node, upon receiving the information (CO) with the receiving unit, the network node performs the action associated with the information without verifying the check information (CPS) combined with the information, wherein, after performing the action with the execution unit, the network node verifies the check information (CPS) with the verification unit and initiates one or more predetermined measures if the check result is negative.
CN201180042724.7A 2010-09-09 2011-08-16 For the method processing information in the communication network being made up of multiple network nodes Expired - Fee Related CN103081400B (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
DE201010044858 DE102010044858B4 (en) 2010-09-09 2010-09-09 A method for processing messages in a communication network from a plurality of network nodes
DE102010044858.3 2010-09-09
PCT/EP2011/064109 WO2012031861A1 (en) 2010-09-09 2011-08-16 Method for processing messages in a communication network consisting of several network nodes

Publications (2)

Publication Number Publication Date
CN103081400A CN103081400A (en) 2013-05-01
CN103081400B true CN103081400B (en) 2016-08-03

Family

ID=44545702

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201180042724.7A Expired - Fee Related CN103081400B (en) 2010-09-09 2011-08-16 For the method processing information in the communication network being made up of multiple network nodes

Country Status (5)

Country Link
US (1) US9021588B2 (en)
EP (1) EP2599258B1 (en)
CN (1) CN103081400B (en)
DE (1) DE102010044858B4 (en)
WO (1) WO2012031861A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102014207800B4 (en) 2014-04-25 2023-06-01 Bayerische Motoren Werke Aktiengesellschaft Method and device for reducing a network load in multicast and broadcast communication
US9621549B2 (en) * 2014-07-25 2017-04-11 Qualcomm Incorporated Integrated circuit for determining whether data stored in external nonvolative memory is valid

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1536914A (en) * 2003-04-10 2004-10-13 Protection method of PHS mobile communication PIM card authentication data
EP1615370A1 (en) * 2004-07-05 2006-01-11 Abb Research Ltd. Authentication of short messages
KR100749846B1 (en) * 2005-06-22 2007-08-16 한국전자통신연구원 Device for realizing security function in mac of portable internet system and authentication method using the device
US7353394B2 (en) * 2002-06-20 2008-04-01 International Business Machine Corporation System and method for digital signature authentication of SMS messages
DE102007040094A1 (en) * 2007-08-24 2009-02-26 Continental Automotive Gmbh Configuration modification e.g. software-update, executing method for e.g. car, involves verifying configuration modification message by utilizing credentials, and canceling configuration modification when associated credential is canceled

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5568380A (en) * 1993-08-30 1996-10-22 International Business Machines Corporation Shadow register file for instruction rollback
DE29901302U1 (en) * 1999-01-26 2000-03-30 Siemens Ag Network participants
US6772334B1 (en) * 2000-08-31 2004-08-03 Networks Associates, Inc. System and method for preventing a spoofed denial of service attack in a networked computing environment
US20070192863A1 (en) * 2005-07-01 2007-08-16 Harsh Kapoor Systems and methods for processing data flows
US7020079B2 (en) * 2001-10-23 2006-03-28 Sun Microsystems, Inc. Bypassing protocol checksum computations in communications across a reliable network link
AU2003276588A1 (en) * 2002-11-18 2004-06-15 Nokia Corporation Faster authentication with parallel message processing
WO2005052765A2 (en) * 2003-11-25 2005-06-09 Ultra-Scan Corporation Biometric authorization method and system
US8356178B2 (en) * 2006-11-13 2013-01-15 Seagate Technology Llc Method and apparatus for authenticated data storage
DE102007053255B4 (en) 2007-11-08 2009-09-10 Continental Automotive Gmbh Method for editing messages and message processing device
DE102008009691A1 (en) 2008-02-18 2009-08-20 Weinzierl Engineering Gmbh Automation building method for exchanging data, involves transmitting signature block to operating time and management telegrams after transmitting telegrams from sensor, where block is evaluated by actuators with security implementation

Also Published As

Publication number Publication date
DE102010044858A1 (en) 2012-03-15
EP2599258A1 (en) 2013-06-05
US9021588B2 (en) 2015-04-28
CN103081400A (en) 2013-05-01
US20130167234A1 (en) 2013-06-27
WO2012031861A1 (en) 2012-03-15
EP2599258B1 (en) 2016-06-29
DE102010044858B4 (en) 2012-04-19

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20160803

Termination date: 20200816
